Hostdog - administration https://www.hostdog.eu/tags/administration en Automatic cPanel installation guide for VPS/dedicated server https://www.hostdog.eu/blog/automatic-cpanel-installation-guide-vpsdedicated-server <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><a href="https://www.hostdog.eu/partner/cpanel" title="The cPanel control panel">cPanel</a> is the world’s leading hosting control panel in web hosting industry today. All features and tasks are accessible via a web interface and on top of that it provides all needed multiple levels of access for administrators, resellers and end-users right out of the box. In this article we will describe how one can install cPanel on a CentOS VPS/dedicated server. Later on we will make some common security tweaks and finally we will try to troubleshoot some common problems.</p> <p>Disclaimer/Common logic: Please note that many parts of this cPanel installation guide are coming directly from scripts that we use inhouse and we can not guarantee it will work for you. Always check cPanel's formal latest installation requirements we hold no responsibility etc.</p> <h2>Preparing CentOS for cPanel</h2> <p>First things first: We configure the OS (CentOS) for cPanel installation according to cPanel's requirements, usually the only thing we need to change to a fresh installation of CentOS (6.4 at the time this article is being written) is removing Postfix (E-mail server), disabling SELINUX, and turning iptables off. After that we proceed with necessary OS updates.</p> <div class="codeblock"><code>yum groupremove "E-mail server" -y<br />sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config<br />chkconfig iptables off<br />service iptables stop<br />yum install -y screen<br />screen<br />yum update -y &amp;&amp; reboot</code></div> <h2>Installing cPanel</h2> <p>After reconnecting to the server we are pretty much ready to go, cPanel's installation is pretty simple, but it will take some time. All installations' rules apply here as well, we don't want it to be disrupted, so we use the screen command we have just installed again.</p> <div class="codeblock"><code>screen<br />cd /home<br />wget -N http://httpupdate.cpanel.net/latest<br />sh latest</code></div> <h2>Securing cPanel</h2> <p>So are we ready to go? Well, there are a few steps regarding security we would make us feel more comfortable once followed. These are: Installation of CSF Firewall and I.D.S. plugin, disabling some PHP functions, mostly the ones recommended by CSF.</p> <h3>Installing CSF - ConfigServer Security &amp; Firewall</h3> <p>Again the installation is pretty simple</p> <div class="codeblock"><code>cd /root<br />rm -fv csf.tgz<br />wget http://www.configserver.com/free/csf.tgz<br />tar -xzf csf.tgz<br />cd csf<br />sh install.sh</code></div> <h3>CSF Configuration</h3> <p>Once installed you may browse some security recommendations under WHM -&gt; Plugins -&gt; ConfigServer Security&amp;Firewall -&gt; Check Server Security. In this example we will quic 'n' dirty apply a bunch of security tweaks. Please advise CSF's quite explanatory README for the below changes.</p> <div class="codeblock"><code>echo 'local-infile=0' &gt;&gt; /etc/my.cnf<br />sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf<br />sed -i 's/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,10022"/g' /etc/csf/csf.conf<br />sed -i 's/TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703"/TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703,10022"/g' /etc/csf/csf.conf<br />sed -i 's/IPV6 = "0"/IPV6 = "1"/g' /etc/csf/csf.conf<br />sed -i 's/SYSLOG_CHECK = "0"/SYSLOG_CHECK = "300"/g' /etc/csf/csf.conf<br />sed -i 's/FASTSTART = "0"/FASTSTART = "1"/g' /etc/csf/csf.conf<br />sed -i 's/SMTP_BLOCK = "0"/SMTP_BLOCK = "1"/g' /etc/csf/csf.conf<br />sed -i 's/LF_SCRIPT_ALERT = "0"/LF_SCRIPT_ALERT = "1"/g' /etc/csf/csf.conf<br />sed -i 's/PT_ALL_USERS = "0"/PT_ALL_USERS = "1"/g' /etc/csf/csf.conf<br />sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config<br />sed -i 's/#Port 22/Port 10022/g' /etc/ssh/sshd_config<br />sed -i 's/enable_dl = On/enable_dl = Off/g' /usr/local/lib/php.ini<br />sed -i 's/disable_functions =/disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen/g' /usr/local/lib/php.ini<br />service sshd restart<br />service mysql restart<br />service portreserve stop<br />chkconfig portreserve off<br />csf -r<br />service lfd restart</code></div> <h2>Troubleshooting</h2> <p>There are not really that much errors that will make cPanel's installer to fail. Maybe the most common one is: "cpanel Fatal! Perl must be installed before proceeding!" in case perl isn't installed by default. In that case: </p><div class="codeblock"><code>yum install perl</code></div> will do the trick <p>That's all pretty much, the rest of configuration may be done through WHM panel and/or depending your environment (for example EasyApache build profile). You may also want to consider some tools like: <a href="https://www.hostdog.eu/blog/optimizing-mysql-database-using-mysqltunerpl" title="Optimizing MySQL using MySQLTuner script">MySQLTuner</a></p> <p>See also:</p> <ul><li><strong><a href="https://www.hostdog.eu/blog/virtualmin-installation-guide-debian" title="Virtualmin installation">Virtualmin installation guide</a></strong></li> </ul></div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above clearfix"><h3 class="field-label">Tags: </h3><ul class="links"><li class="taxonomy-term-reference-0"><a href="https://www.hostdog.eu/tags/cpanel">cpanel</a></li><li class="taxonomy-term-reference-1"><a href="https://www.hostdog.eu/tags/tutorial">tutorial</a></li><li class="taxonomy-term-reference-2"><a href="https://www.hostdog.eu/tags/administration">administration</a></li><li class="taxonomy-term-reference-3"><a href="https://www.hostdog.eu/tags/easy-install">easy install</a></li></ul></div> Mon, 04 Nov 2013 10:49:40 +0000 ploupas 617 at https://www.hostdog.eu How to find the IPs connecting to my server? https://www.hostdog.eu/blog/how-find-ips-connecting-my-server <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even">The following command displays a list of the IPs that are connected to our server ignoring the STATE of the connection (CLOSE_WAIT, ESTABLISHED, etc) <div class="codeblock"><code>netstat -tn 2&gt;/dev/null</code></div> -t flag tells netstat to display only TCP connections and -n flag tells netstat command not to resolve IPs to hostnames While stderr (2) redirection (&gt;) throws at "garbage" (/dev/null) means that we just don't want possible errors to break our cute output we are trying to make. At this point we have all usable information, but it is a little difficult to use, we will try to come to a more clear and handy format. Piping (|) to grep, we can keep only the IPs that are connecting to port 80 of our webserver. <div class="codeblock"><code>netstat -tn 2&gt;/dev/null | grep ":80 "</code></div> It would be also nice to keep only the 5th column right? <div class="codeblock"><code> netstat -tn 2&gt;/dev/null | grep ":80 " | awk '{print $5}'</code></div> Maybe the trickiest part here is that we only want IPs to be displayed so we use: cut -d: -f1 Where: -d tells cut to use the immediate following character as a delimiter. -f tells how many fields to output, in our case we just need one. <div class="codeblock"><code>netstat -tn 2&gt;/dev/null | grep ":80 " | awk '{print $5}' | cut -d: -f1</code></div> Then using sort, we are sorting our list, using -c we are counting unique occurrences and then we can display in descending order with sort -nr (numeric και reverse). It's in our judgement to use head to check only the first 10 results. <div class="codeblock"><code>netstat -tn 2&gt;/dev/null | grep ":80 " | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head</code></div> Of course, changing the port only in grep, ie to 25, we are able to see if someone is abusing our mail server or in a VPS hosting environment the tracking of a spammer can be a little bit easier. Also we can use a specific connection state in grep that we are interested in, count connections per process (using parameter -p in netstat). Essentially it's about few commands that combined together they become a very useful tool for an system &amp; network administrator.</div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above clearfix"><h3 class="field-label">Tags: </h3><ul class="links"><li class="taxonomy-term-reference-0"><a href="https://www.hostdog.eu/tags/netstat">netstat</a></li><li class="taxonomy-term-reference-1"><a href="https://www.hostdog.eu/tags/linux">linux</a></li><li class="taxonomy-term-reference-2"><a href="https://www.hostdog.eu/tags/administration">administration</a></li><li class="taxonomy-term-reference-3"><a href="https://www.hostdog.eu/tags/grep">grep</a></li><li class="taxonomy-term-reference-4"><a href="https://www.hostdog.eu/tags/awk">awk</a></li><li class="taxonomy-term-reference-5"><a href="https://www.hostdog.eu/tags/network">network</a></li></ul></div> Thu, 25 Apr 2013 12:05:57 +0000 ploupas 351 at https://www.hostdog.eu